yigityus · October 18, 2019 06:47
diff --git a/APIKeyAuthFilter.java b/APIKeyAuthFilter.java
 import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;

 /**
 * https://stackoverflow.com/questions/48446708/securing-spring-boot-api-with-api-key-and-secret
 */


 public class APIKeyAuthFilter extends AbstractPreAuthenticatedProcessingFilter {

    private String principalRequestHeader;

    public APIKeyAuthFilter(String principalRequestHeader) {
        this.principalRequestHeader = principalRequestHeader;
    }

    @Override
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
        return request.getHeader(principalRequestHeader);
    }

    @Override
    protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
        return "N/A";
    }

 }
diff --git a/APISecurityConfig.java b/APISecurityConfig.java
 @Configuration
 @EnableWebSecurity
 @Order(1)
 public class APISecurityConfig extends WebSecurityConfigurerAdapter {

    @Value("${yourapp.http.auth-token-header-name}")
    private String principalRequestHeader;

    @Value("${yourapp.http.auth-token}")
    private String principalRequestValue;

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        APIKeyAuthFilter filter = new APIKeyAuthFilter(principalRequestHeader);
        filter.setAuthenticationManager(new AuthenticationManager() {

            @Override
            public Authentication authenticate(Authentication authentication) throws AuthenticationException {
                String principal = (String) authentication.getPrincipal();
                if (!principalRequestValue.equals(principal))
                {
                    throw new BadCredentialsException("The API key was not found or not the expected value.");
                }
                authentication.setAuthenticated(true);
                return authentication;
            }
        });
        httpSecurity.
            antMatcher("/api/**").
            csrf().disable().
            sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).
            and().addFilter(filter).authorizeRequests().anyRequest().authenticated();
    }

 }
	import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;

	/**
	* https://stackoverflow.com/questions/48446708/securing-spring-boot-api-with-api-key-and-secret
	*/


	public class APIKeyAuthFilter extends AbstractPreAuthenticatedProcessingFilter {

	private String principalRequestHeader;

	public APIKeyAuthFilter(String principalRequestHeader) {
	this.principalRequestHeader = principalRequestHeader;
	}

	@Override
	protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
	return request.getHeader(principalRequestHeader);
	}

	@Override
	protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
	return "N/A";
	}

	}
	@Configuration
	@EnableWebSecurity
	@Order(1)
	public class APISecurityConfig extends WebSecurityConfigurerAdapter {

	@Value("${yourapp.http.auth-token-header-name}")
	private String principalRequestHeader;

	@Value("${yourapp.http.auth-token}")
	private String principalRequestValue;

	@Override
	protected void configure(HttpSecurity httpSecurity) throws Exception {
	APIKeyAuthFilter filter = new APIKeyAuthFilter(principalRequestHeader);
	filter.setAuthenticationManager(new AuthenticationManager() {

	@Override
	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
	String principal = (String) authentication.getPrincipal();
	if (!principalRequestValue.equals(principal))
	{
	throw new BadCredentialsException("The API key was not found or not the expected value.");
	}
	authentication.setAuthenticated(true);
	return authentication;
	}
	});
	httpSecurity.
	antMatcher("/api/**").
	csrf().disable().
	sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).
	and().addFilter(filter).authorizeRequests().anyRequest().authenticated();
	}

	}